syncfusion-react-file-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md and examples explicitly configure ajaxSettings to fetch file listings, thumbnails and uploads from external endpoints (e.g., the Quick Start hostUrl https://ej2-aspcore-service.azurewebsites.net/ and ajaxSettings like https://api.example.com/api/FileManager/FileOperations), so untrusted/user-provided file metadata and content are ingested at runtime and can influence event handlers and UI actions (fileOpen, menuClick, beforeSend), enabling indirect instruction injection risk.